Overview

overview

8

Static

static

8

f847cf2fc1...18.apk

android-9-x86

8

f847cf2fc1...18.apk

android-13-x64

amap_resou..._0.apk

android-9-x86

amap_resou..._0.apk

android-10-x64

amap_resou..._0.apk

android-11-x64

Analysis

  • max time kernel
    5s
  • max time network
    143s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    18-04-2024 15:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f847cf2fc1467887889903b75d0014a2_JaffaCakes118.apk

  • Size

    22.3MB

  • MD5

    f847cf2fc1467887889903b75d0014a2

  • SHA1

    c294e1bc8957bef1d41657b504d2d149f1e5ff74

  • SHA256

    ef1c3d0871fae968200030c69fc888d83ab2ac10fdff7657f94655c389a199e8

  • SHA512

    153a4b432a259ef9eea09c886f34da506cedbad8a5a47932e67e94ef9677bd400dc8d27a9ee8f536bf2e36100b4f0eea9d4568de5d9a532f4bada62b42d73317

  • SSDEEP

    393216:413i0MEBTVjkD5PRv5RwQqlv5RXfSlGyUNdzhJoUNShi8LDM0s:j0M2AFPRwfFPk0hasd

Score
8/10
collectiondiscoveryevasion

Malware Config

Signatures

  • Requests cell location 1 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscovery
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 5 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about running processes on the device. 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection. 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.beingmate.mestationmallpro
    1⤵
    • Requests cell location
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device.
    • Queries information about the current Wi-Fi connection.
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4286
    • /system/bin/sh -c getprop ro.board.platform
      2⤵
        PID:4315
      • sh -c getprop ro.yunos.version
        2⤵
          PID:4336
        • getprop ro.board.platform
          2⤵
            PID:4315
          • getprop ro.yunos.version
            2⤵
              PID:4336
            • /system/bin/sh -c type su
              2⤵
                PID:4367
              • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.beingmate.mestationmallpro/mix.dex --output-vdex-fd=50 --oat-fd=52 --oat-location=/data/data/com.beingmate.mestationmallpro/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
                2⤵
                • Loads dropped Dex/Jar
                PID:4382

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • /data/data/com.beingmate.mestationmallpro/databases/bugly_db_legu
              Filesize

              4KB

              MD5

              f2b4b0190b9f384ca885f0c8c9b14700

              SHA1

              934ff2646757b5b6e7f20f6a0aa76c7f995d9361

              SHA256

              0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

              SHA512

              ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

              Download Submit
            • /data/data/com.beingmate.mestationmallpro/databases/bugly_db_legu-journal
              Filesize

              512B

              MD5

              6fdd2e9b4e3d21cb7f6dae516b46c586

              SHA1

              244484d478ceaf94ced845cf4766967b611f2253

              SHA256

              0819fcb1d5406902a9a23cec89983857dc996c47e687bfef5bc1dcfcb509fcbe

              SHA512

              ac8db6729ed83d63a56058d3faf1ce27593ead5ec782eb67da1abb1f549a77812fa692f0fa8656fc8ae2b21e96bcdfd285d992e041807e571698ec3a9b425e65

              Download Submit
            • /data/data/com.beingmate.mestationmallpro/databases/bugly_db_legu-shm
              Filesize

              28KB

              MD5

              cf845a781c107ec1346e849c9dd1b7e8

              SHA1

              b44ccc7f7d519352422e59ee8b0bdbac881768a7

              SHA256

              18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

              SHA512

              4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

              Download Submit
            • /data/data/com.beingmate.mestationmallpro/databases/bugly_db_legu-wal
              Filesize

              92KB

              MD5

              9d06aa76218d44944aa520982792d395

              SHA1

              4a86eee6491a1d9c82be848ead44bfe153f0ba27

              SHA256

              2bbce9bf90c15cd352b175c07578c0fbaaf20d87d68ca25b16e1bf503c7ffdb4

              SHA512

              9cc70537dc4488508afafd1ffde185a86da6ea6eba53691531f34bdaf1352c9ea0ea68e4bc873fe4f01d183d1d7723bb4d8ece849a3cb199240833068b06f12c

              Download Submit
            • /data/data/com.beingmate.mestationmallpro/mix.dex
              Filesize

              292B

              MD5

              63f77f99bd2c2b772a479923bde11974

              SHA1

              c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

              SHA256

              4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

              SHA512

              3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

              Download Submit
            • /storage/emulated/0/Android/data/com.beingmate.mestationmallpro/files/tbslog/tbslog.txt
              Filesize

              1KB

              MD5

              be00fe91c747cac09d551ad01b343a70

              SHA1

              81d6b68d43f754726f3f0a82fe773264edc1c844

              SHA256

              7f1f345c55c4183d2f46b14f67a6a62a078f56c3aad4673b6c84333f2d0c0f71

              SHA512

              26da39420a912a9b5c712a39d957bb195b61655532f3afbbfced0934746ee1d47ae6dfdf34f69752c15f2853efebe279d2960d6580bf82192b40d7b066208e63

              Download Submit